Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2023:0011-1

Опубликовано: 02 янв. 2023
Источник: suse-cvrf

Описание

Security update for saphanabootstrap-formula

This update for saphanabootstrap-formula fixes the following issues:

  • Version bump 0.13.1

    • revert changes to spec file to re-enable SLES RPM builds
    • CVE-2022-45153: Fixed privilege escalation for arbitrary users in hana/ha_cluster.sls (bsc#1205990)

  • Version bump 0.13.0

    • pass sid to sudoers in a SLES12 compatible way
    • add location constraint to gcp_stonith

  • Version bump 0.12.1

    • moved templates dir into hana dir in repository to be gitfs compatible

  • Version bump 0.12.0

    • add SAPHanaSR takeover blocker

  • Version bump 0.11.0

    • use check_cmd instead of tmp sudoers file
    • make sudoers rules more secure
    • migrate sudoers to template file

  • Version bump 0.10.1

    • fix hook removal conditions
    • fix majority_maker code on case grain is empty

  • Version bump 0.10.0

    • allow to disable shared HANA basepath and rework add_hosts code (enables HANA scale-out on AWS)
    • do not edit global.ini directly (if not needed)

  • Version bump 0.9.1

    • fix majority_maker code on case grain is empty

  • Version bump 0.9.0

    • define vip_mechanism for every provider and reorder resources (same schema for all SAP related formulas)

  • Version bump 0.8.1

    • use multi-target Hook on HANA scale-out

  • Version bump 0.8.0

    • add HANA scale-out support
    • add idempotence to not affect a running HANA and cluster

  • Version bump 0.7.2

    • add native fencing for microsoft-azure

  • fixes a not working import of dbapi in SUSE/ha-sap-terraform-deployments#703

  • removes the installation and extraction of all hdbcli files in the /hana/shared/srHook directory

  • fixes execution order of srTakeover/srCostOptMemConfig hook

  • renames and updates hook srTakeover to srCostOptMemConfig

  • Changing exporter stickiness to => 0 and adjusting the colocation score from +inf to -inf and changing the colocation from Master to Slave. This change fix the impact of a failed exporter in regards to the HANA DB.

  • Document extra_parameters in pillar.example (bsc#1185643)

  • Change hanadb_exporter default timeout value to 30 seconds

  • Set correct stickiness for the azure-lb resource The azure-lb resource receives an stickiness=0 to not influence on transitions calculations as the HANA resources have more priority

Список пакетов

SUSE Linux Enterprise Server for SAP Applications 12 SP4
saphanabootstrap-formula-0.13.1+git.1667812208.4db963e-4.18.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
saphanabootstrap-formula-0.13.1+git.1667812208.4db963e-4.18.1

Ссылки

Описание

An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 allows local attackers to escalate to root by manipulating the sudo configuration that is created. This issue affects: SUSE Linux Enterprise Module for SAP Applications 15-SP1 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. SUSE Linux Enterprise Server for SAP 12-SP5 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. openSUSE Leap 15.4 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e.

Затронутые продукты
SUSE Linux Enterprise Server for SAP Applications 12 SP4:saphanabootstrap-formula-0.13.1+git.1667812208.4db963e-4.18.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5:saphanabootstrap-formula-0.13.1+git.1667812208.4db963e-4.18.1
Ссылки